
Questions tagged [cryptography]

Cryptography is the practice and study of logical means used to achieve information confidentiality, integrity and authenticity. It covers, among other things, encryption (making some data unreadable except for those who know a given secret element, called a key), data hashing (in particular for password storage) and digital signatures (provable integrity and authenticity with non-repudiation).

2 votes
2 answers
26 views

In practice, what are the identities in the Needham–Schroeder protocol?

In the Needham–Schroeder public-key protocol we have the identities A and B of Alice and Bob, respectively. The initial version of the protocol was vulnerable to a MitM attack where the fix consists ...
Daniel C • 697
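The attack and fix the question refers to, worked through as an added example (not code from the question or its answers): the three-message Needham–Schroeder public-key protocol, Lowe's man-in-the-middle against it, and Lowe's fix of putting the responder's identity B into message 2. Public-key encryption is modelled as a tagged tuple that only the named principal can open, and principals are just the strings "A", "B" and "I" (the intruder); both are assumptions of this model, since the protocol logic only depends on who holds which private key.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Ciphertext:
    """Toy model of public-key encryption: only the named recipient can open it.

    Real NSPK uses RSA-style encryption; here 'holding the private key' is
    modelled as 'being that principal', which is all the protocol depends on.
    """
    recipient: str
    payload: tuple


def enc(recipient, *payload):
    return Ciphertext(recipient, tuple(payload))


def dec(me, ct):
    if ct.recipient != me:
        raise PermissionError(f"{me} holds no private key for {ct.recipient}")
    return ct.payload


class Initiator:
    """Alice's side. With lowe_fix=True, message 2 must carry the responder's identity."""

    def __init__(self, name, lowe_fix):
        self.name, self.lowe_fix = name, lowe_fix
        self.peer = self.na = None
        self.done = False  # True once A believes it shares (Na, Nb) with self.peer

    def msg1(self, peer):
        self.peer, self.na = peer, secrets.token_hex(8)
        return enc(peer, self.na, self.name)           # {Na, A}_pk(peer)

    def msg3(self, ct):
        fields = dec(self.name, ct)
        if self.lowe_fix:
            na, nb, claimed = fields                    # {Na, Nb, B}_pkA
            if claimed != self.peer:
                raise ValueError(f"{self.name}: identity {claimed!r} != expected peer {self.peer!r}")
        else:
            na, nb = fields                             # {Na, Nb}_pkA
        if na != self.na:
            raise ValueError("nonce mismatch")
        self.done = True
        return enc(self.peer, nb)                       # {Nb}_pk(peer)


class Responder:
    """Bob's side."""

    def __init__(self, name, lowe_fix):
        self.name, self.lowe_fix = name, lowe_fix
        self.peer = self.nb = None
        self.done = False  # True once B believes it completed a run with self.peer

    def msg2(self, ct):
        na, initiator = dec(self.name, ct)
        self.peer, self.nb = initiator, secrets.token_hex(8)
        if self.lowe_fix:
            return enc(initiator, na, self.nb, self.name)   # {Na, Nb, B}_pkA
        return enc(initiator, na, self.nb)                  # {Na, Nb}_pkA

    def finish(self, ct):
        (nb,) = dec(self.name, ct)
        if nb != self.nb:
            raise ValueError("nonce mismatch")
        self.done = True


def honest_run(lowe_fix):
    a, b = Initiator("A", lowe_fix), Responder("B", lowe_fix)
    b.finish(a.msg3(b.msg2(a.msg1("B"))))
    return a.done and b.done and a.peer == "B" and b.peer == "A"


def lowe_attack(lowe_fix):
    """Return True if intruder I gets B to complete a run believing its peer is A."""
    a, b = Initiator("A", lowe_fix), Responder("B", lowe_fix)
    na, _ = dec("I", a.msg1("I"))        # 1. A starts a session with I; I learns Na
    m2 = b.msg2(enc("B", na, "A"))       # 2. I -> B: {Na, A}_pkB, impersonating A
    try:
        m3 = a.msg3(m2)                  # 3. I forwards B's {Na, Nb[, B]}_pkA to A unchanged
    except ValueError:
        return False                     # Lowe fix: A expected I's identity, saw B's
    (nb,) = dec("I", m3)                 # 4. A answers {Nb}_pkI, so I now knows Nb
    b.finish(enc("B", nb))               # 5. I -> B: {Nb}_pkB completes B's run "with A"
    return b.done and b.peer == "A"


if __name__ == "__main__":
    for fix in (False, True):
        print(f"lowe_fix={fix}: honest run ok={honest_run(fix)}, attack succeeds={lowe_attack(fix)}")
```

The attack works because nothing in the original message 2 ties the nonces to the responder's identity, so A cannot tell that the `{Na, Nb}_pkA` it receives was produced by B rather than by I; the fixed message 2 makes that identity part of what A checks.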
1 vote
1 answer
32 views

In a TLS 1.3 ServerHello, can the legacy_version field be set to 0x0304?

As part of the TLS 1.3 handshake, a ClientHello is sent containing TLS 1.3 version support in the supported_versions extension. Consider if, as part of the ServerHello, the supported_versions extension is not ...
hjhjh • 51
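The client-side version selection rule from RFC 8446 section 4.2.1, as an added example that is not part of the question or its answers: when supported_versions is present in the ServerHello the client uses only that value and ignores legacy_version entirely (a conforming server puts 0x0303 there, but the client does not check it), and when it is absent the server has negotiated TLS 1.2 or below via legacy_version, subject to the downgrade-sentinel check in section 4.1.3. The ServerHello bytes are constructed by `build_server_hello`, and treating an absent-extension legacy_version of 0x0304 as an illegal_parameter abort is a policy choice of this code, justified by the fact that a conforming server never sends that combination.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 0x002B                          # RFC 8446 section 4.2.1
# Downgrade-protection sentinels in the last 8 bytes of ServerHello.random (4.1.3)
DOWNGRADE_TLS12 = bytes.fromhex("444F574E47524401")      # "DOWNGRD\x01"
DOWNGRADE_TLS11 = bytes.fromhex("444F574E47524400")      # "DOWNGRD\x00"


class IllegalParameter(Exception):
    """The client must abort the handshake with an illegal_parameter alert."""


def build_server_hello(legacy_version, selected_version=None, server_random=bytes(32)):
    """Constructed ServerHello body (no record or handshake header), used as sample input."""
    exts = b""
    if selected_version is not None:
        data = struct.pack("!H", selected_version)
        exts = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    return (struct.pack("!H", legacy_version) + server_random
            + b"\x00"                          # empty legacy_session_id_echo
            + b"\x13\x01"                      # TLS_AES_128_GCM_SHA256
            + b"\x00"                          # legacy_compression_method
            + struct.pack("!H", len(exts)) + exts)


def parse_server_hello(buf):
    """Return (legacy_version, random, {extension_type: data}) from a ServerHello body."""
    legacy_version, = struct.unpack_from("!H", buf, 0)
    server_random = buf[2:34]
    off = 35 + buf[34]                          # skip legacy_session_id_echo
    off += 3                                    # cipher_suite (2) + compression method (1)
    ext_len, = struct.unpack_from("!H", buf, off)
    off += 2
    end = off + ext_len
    if end != len(buf):
        raise ValueError("extensions length does not match message length")
    exts = {}
    while off < end:
        etype, elen = struct.unpack_from("!HH", buf, off)
        off += 4
        if etype in exts or off + elen > end:
            raise IllegalParameter("duplicate or overlong extension")
        exts[etype] = buf[off:off + elen]
        off += elen
    return legacy_version, server_random, exts


def select_version(server_hello, client_offered):
    """Apply the RFC 8446 4.2.1 client rule and return the negotiated version."""
    legacy_version, server_random, exts = parse_server_hello(server_hello)
    sv = exts.get(EXT_SUPPORTED_VERSIONS)
    if sv is not None:
        # Extension present: legacy_version is ignored, whatever it holds.
        if len(sv) != 2:
            raise IllegalParameter("malformed supported_versions")
        selected, = struct.unpack("!H", sv)
        # The ServerHello extension only legitimately carries 0x0304 or later;
        # a server negotiating TLS 1.2 or below MUST NOT send it at all.
        if selected < TLS13 or selected not in client_offered:
            raise IllegalParameter(f"supported_versions selected {selected:#06x}")
        return selected
    # Extension absent: the server negotiated TLS 1.2 or below via legacy_version.
    # 0x0304 cannot be negotiated this way (policy of this code; a conforming
    # server never sends legacy_version 0x0304).
    if legacy_version >= TLS13 or legacy_version not in client_offered:
        raise IllegalParameter(f"legacy_version {legacy_version:#06x} without supported_versions")
    if TLS13 in client_offered and server_random[-8:] in (DOWNGRADE_TLS12, DOWNGRADE_TLS11):
        raise IllegalParameter("downgrade sentinel present in ServerHello.random")
    return legacy_version


def outcome(server_hello, client_offered=frozenset({TLS13, TLS12})):
    """What the client does with this ServerHello: ("ok", version) or ("abort", alert)."""
    try:
        return ("ok", select_version(server_hello, client_offered))
    except IllegalParameter:
        return ("abort", "illegal_parameter")


if __name__ == "__main__":
    print(outcome(build_server_hello(TLS12, TLS13)))   # conforming server
    print(outcome(build_server_hello(TLS13, TLS13)))   # legacy_version 0x0304 but ignored
    print(outcome(build_server_hello(TLS13)))          # 0x0304 with no extension
```

Run against the three cases in `__main__`, the first two both negotiate TLS 1.3 and the third aborts: the answer to "can legacy_version be 0x0304" is that a server must not send it, but a client that finds supported_versions never looks at it.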
1 vote
0 answers
32 views

Can linear congruential generator be used in public-key cryptography? [closed]

The question is not about generating pseudo-random numbers with linear congruential generator. A linear congruential generator (LCG) is defined by the recurrence relation: [ X_{n+1} = (a X_n + c) \mod ...
Ivan Stepanov
5 votes
2 answers
2k views

What exactly is the Randstorm vulnerability?

I've read the article from Unciphered about it, multiple times, and still fail to understand it. It basically says that wallets generated by the BitcoinJS front-end library from 2011 to 2015 are ...
Maltoon Yezi
1 vote
1 answer
41 views

What should the response to a KeyUpdate be if the initial KeyUpdateRequest is set to update_not_requested, not update_requested?

"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys." "If the request_update field is set to "update_requested", ...
hjhjh • 51
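The two cases of RFC 8446 section 4.6.3, as an added example that is not part of the question or its answers: each side keeps separate send and receive traffic secrets, a KeyUpdate is sent under the old keys and then the sender moves its send direction to the next generation, the receiver moves its receive direction to match, and only `update_requested` obliges the receiver to send a KeyUpdate of its own (always with `update_not_requested`, so the exchange cannot ping-pong). The next secret is derived with HKDF-Expand-Label and the "traffic upd" label from section 7.2; the `Endpoint` class, the dict-shaped messages and the initial secrets are constructed for this model and are not any TLS library's API.

```python
import hashlib
import hmac
import struct

HASH_LEN = 32                      # SHA-256 based suite, e.g. TLS_AES_128_GCM_SHA256
UPDATE_NOT_REQUESTED, UPDATE_REQUESTED = 0, 1


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label from RFC 8446 section 7.1, with HMAC-SHA256 as the HKDF hash."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:                          # HKDF-Expand (RFC 5869)
        block = hmac.new(secret, block + hkdf_label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def next_traffic_secret(secret):
    """application_traffic_secret_N+1 = HKDF-Expand-Label(secret_N, "traffic upd", "", Hash.length)."""
    return hkdf_expand_label(secret, b"traffic upd", b"", HASH_LEN)


class Endpoint:
    """One side of a TLS 1.3 connection, tracking only its two traffic secrets (model, not a library API)."""

    def __init__(self, name, send_secret, recv_secret):
        self.name = name
        self.send_secret, self.recv_secret = send_secret, recv_secret
        self.send_gen = self.recv_gen = 0       # how many times each direction was updated

    def send_key_update(self, request_update):
        # The KeyUpdate itself goes out under the *old* send keys; only afterwards
        # does the sender switch its send direction to the next generation.
        msg = {"type": "KeyUpdate", "from": self.name, "request_update": request_update}
        self.send_secret = next_traffic_secret(self.send_secret)
        self.send_gen += 1
        return msg

    def receive_key_update(self, msg):
        """Return the KeyUpdate this side must send in response, or None."""
        # The peer's sending keys changed, so our receiving keys follow.
        self.recv_secret = next_traffic_secret(self.recv_secret)
        self.recv_gen += 1
        if msg["request_update"] == UPDATE_REQUESTED:
            # RFC 8446 4.6.3: reply with our own KeyUpdate, request_update set to
            # update_not_requested, before our next Application Data record.
            return self.send_key_update(UPDATE_NOT_REQUESTED)
        # update_not_requested: nothing to send; just keep reading with the new keys.
        return None


def run_key_update(request_update):
    """Client sends one KeyUpdate; return generation counters and whether keys still line up."""
    # Constructed initial secrets; on a real connection they come from the key schedule.
    c2s = hashlib.sha256(b"client_application_traffic_secret_0").digest()
    s2c = hashlib.sha256(b"server_application_traffic_secret_0").digest()
    client = Endpoint("client", send_secret=c2s, recv_secret=s2c)
    server = Endpoint("server", send_secret=s2c, recv_secret=c2s)

    ku = client.send_key_update(request_update)
    reply = server.receive_key_update(ku)
    counter_reply = client.receive_key_update(reply) if reply else None

    return {
        "server_replied": reply is not None,
        "client_replied_again": counter_reply is not None,   # must stay False: no ping-pong
        "client_send_gen": client.send_gen, "server_recv_gen": server.recv_gen,
        "server_send_gen": server.send_gen, "client_recv_gen": client.recv_gen,
        "keys_consistent": (client.send_secret == server.recv_secret
                            and server.send_secret == client.recv_secret),
    }


if __name__ == "__main__":
    print("update_not_requested:", run_key_update(UPDATE_NOT_REQUESTED))
    print("update_requested:    ", run_key_update(UPDATE_REQUESTED))
```

With `update_not_requested` only the client-to-server direction advances a generation and the server sends nothing back; with `update_requested` both directions advance once, and the client does not answer the server's `update_not_requested` reply.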
1 vote
0 answers
40 views

Benefits of a common session key over a common password [migrated]

Password-authenticated key exchange (PAKE) is a method in which two or more parties, based on their knowledge of a shared password, establish a cryptographic key using an exchange of messages, such ...
yolooow • 25
2 votes
2 answers
70 views

Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt

I'm working on a project where I want to generate a set of crypto wallet seed phrases from an existing seed phrase. The reason for this is so that using just the original seed phrase the wallet holder ...
jgy • 21
1 vote
0 answers
35 views

Security considerations in choosing DTLS connection IDs

Are there any security concerns with choosing highly structured or short connection IDs for use in DTLS? For example: 32bit connection IDs handed out sequentially: There is obviously statistical data ...
Perseids • 262
0 votes
0 answers
14 views

Help Needed with Chosen Plaintext Attack on AES-CTR [migrated]

I'm working on a cryptanalysis project for my professor, and I need some guidance. The assignment involves implementing one of the following types of attacks on a ciphertext encrypted with a symmetric ...
deomanu01
2 votes
1 answer
58 views

Why is the "intermediate" challenge needed in Bluetooth ECDH since the "real" verification is performed at the end with code comparison?

Why is step 4 needed? What does it protect in terms of security? Doesn't the protection arrive from the last step, when Va and Vb (so-called TK, Temporary Keys) are compared? Another thing: I read ...
allexj • 129
4 votes
2 answers
711 views

Omit IV for AES128-CBC when requiring to always get the same ciphertext encrypting random IDs

Imagine having images stored in a system with their 256 bit hash (BLAKE2b) as their unique ID. We want to produce a URL for each image, something like: https://host/images/cleartext-image-ID In order ...
mgd • 604
0 votes
1 answer
78 views

Relation between a passphrase and password-based key derivation

I am not totally sure how the following concepts are related, could someone please explain? password-based key derivation passphrase that can be passed to crypto.generateKeyPairSync (in Node.js) ...
yolooow • 25
1 vote
0 answers
71 views

Group admin in end-to-end encrypted group chat

I was thinking about building a simple end-to-end encrypted chat with group chat capabilities. Please keep in mind that 1) it's just an experiment to help me learn more about cryptography and 2) I'm ...
Tryer outer
1 vote
1 answer
93 views

Login with roles without internet

Disclaimer: question originally posted here but I was encouraged to ask it in this stack instead. Introduction part I'm writing an application that requires authentication to be used, specifically the ...
Nifil • 113
0 votes
0 answers
24 views

Making a safe certificates system for an actions API [duplicate]

I have been working on a certificate system for use (as a means of authentication) with my accounts system APIs. I am still thinking out the details, I have only watched a few videos on asymmetric ...
0xENDER
